Part A, of the Office of the Secretary, Statement of Organization, Functions and Delegation of Authority for the Department of Health and Human Services, is being amended at Chapter AM, HHS Management and Budget Office, Chapter AMM, Office of Information Resources Management (OIRM), as last amended at 63 FR 31779-81, June 10, 1998. The changes are to reflect a realignment of functions within the existing components and the establishment of an Office of Information Technology Security and Privacy within the Office of Information Resources Management. The changes are as follows:
Delete in its entirety Chapter AMM, Office of Information Resources Management and replace with the following:
Chapter AMM, Office of Information Resources Management
AMM.00 Mission. The Office of Information Resources Management advises the Secretary and the Assistant Secretary for Management and Budget/Chief Information Officer (CIO) on matters pertaining to the use of information and related technologies to accomplish Departmental goals and program objectives. The mission of the Office is to provide assistance and guidance on the use of technology-supported business process reengineering, investment analysis, performance measurement, and strategic development and application of information systems and infrastructure, policies to provide improved management of information resources and technology, and better, more efficient service to our clients and employees.
The Office is responsible for the overall quality of information resources management throughout the Department; representing the Department to central management agencies (e.g., the Office of Management and Budget); developing and monitoring Departmentwide Enterprise Infrastructure Management strategy; developing and maintaining the Department's information technology architecture; developing and establishing Departmental information technology policies, and advocating rigorous methods for analyzing, selecting, developing, operating, and maintaining information systems.
The Office collaborates with the Operating Divisions (OPDIVs) and Staff Divisions (StaffDivs) of the Department to resolve policy and management issues, manage risk associated with major information systems, evaluate and approve investments in technology, monitor Departmental policy and architectural compliance, and share best practices.
The Office exercises authorities delegated by the Secretary to the Assistant Secretary for Management and Budget, as the CIO for the Department. These authorities derive from the Information Technology Management Reform Act of 1996, the Paperwork Reduction Act of 1995, the Computer Matching and Privacy Act of 1988, the Computer Security Act of 1987, the National Archives and Records Administration Act of 1984, the Competition in Contracting Act of 1984, the Federal Records Act of 1950, OMB Circular A-130, Government Printing and Binding Regulations issued by the Joint Committee on Printing, and Presidential Decision Directive 63.
Section AMM.10 Organization. The Office of Information Resources Management (OIRM), under the supervision of the Deputy Assistant Secretary for Information Resources Management/Deputy CIO, who reports to the Assistant Secretary for Management and Budget/CIO, consists of the following:
- Immediate Office (AMMA)
- Office of Information Technology Policy (AMMJ)
- Office of Information Technology Services (AMML)
- Office of Information Technology Development (AMMM)
- Office of Information Technology Security and Privacy (AMMN)
Section AMM.20 Functions. A. The Immediate Office of Information Resources Management is responsible for the following:
1. Providing advice and counsel to the Secretary and the Assistant Secretary for Management and Budget/Chief Information Officer under the direction of the Deputy Assistant Secretary for Information Resources Management serving as the Department's Deputy CIO.
2. Providing executive direction to align Departmental strategic planning for information resources and technology with the Department's strategic business planning.
3. Providing executive direction to develop and maintain Departmental information technology policy and architecture.
4. Promoting business process reengineering, investment analysis, and performance measurement throughout the Department, to capitalize on evolving information technology, treating it as an investment rather than as an expense.
5. Representing the Department in Federal Governmentwide initiatives to develop policy and implement an information infrastructure.
6. Chairing the Department's Information Technology Investment Review Board (ITIRB) and the Department's Chief Information Officers' Advisory Council (by the Deputy Assistant Secretary for Information Resources Management/Deputy CIO). Chairing the Office of the Secretary Information Resources Management Policy and Planning Board (by the Deputy Office Director).
7. Managing funds, personnel, information, property, and projects of the Office of Information Resources Management.
8. Acting as the CIO for the Office of the Secretary.
B. The Office of Information Technology Policy (OITP) is responsible for the following:
1. Working with OPDIV Chief Information Officers (CIOs) to support Governmentwide initiatives of the Federal CIO Council and to jointly identify opportunities for participation and consultation in planning information technology projects with major effects on OPDIV program performance (e.g., capital planning and investment, security, information technology architecture). OITP provides leadership primarily in the planning, design, and evaluation of major projects.
2. Assessing risks that major information systems pose to successful performance of program operations and efficient conduct of administrative business throughout the Department, developing risk assessment policies and standard operating procedures and tools, and using program outcome measures to gauge the quality of Departmental information resources management.
3. Coordinating the Department's strategic planning and budgeting processes for information technology, providing direct planning development and support to assure that IRM plans support agency business planning and mission accomplishment.
4. Coordinating the activities of the Departmental Information Technology Investment Review Board (ITIRB) in assessing the Department's major information systems to analyze and evaluate IT investment decisions based on risk-adjusted rate of return and support of agency mission. Reviewing OPDIV ITIRB implementations, IT capital funding decisions, and use of performance metrics to evaluate program success or failure for both initial and continued funding.
5. Developing policies and guidance on information resources and technology management as required by law or regulation, or in consultation with program managers on issues of Departmental scope.
6. Coordinating and supporting the Department's Chief Information Officer's Advisory Council, whose membership consists of the Chief Information Officers from each OPDIV.
7. Establishing guidance and training requirements for managers of information systems designated as sensitive under the Department's automated information systems security program.
8. Providing leadership for special priority initiatives of Department-wide scope (e.g., infrastructure management, security).
9. Representing the Department through participation on interagency and Departmental work groups and task forces.
10. Working with OPDIV Chief Information Officers to jointly identify opportunities for participation and consultation in administering information management functions and telecommunications initiatives with major effects on OPDIV performance. OITP provides leadership primarily in defining alternatives for acquisition of telecommunications services and coordinating implementation of information management initiatives.
11. Managing the Department's telecommunications program, including the development of Departmental telecommunications policies and support of Government-wide telecommunications management projects and processes (e.g., the Interagency Management Council (IMC) and FTS2000 and successor contracts).
12. Managing the Department's information collection program, including development of Departmental policies, coordinating the development of the Department's information collection budget, reviewing and certifying requests to collect information from the public.
13. Approving and reporting on computer matching activities as required by law through the Departmental Data Integrity Board.
14. Managing the Departmental printing management, records management, and mail management policy programs.
15. Providing support for special priority initiatives (e.g., the Government Information Locator System, Internet Electronic Government (E-GOV) management).
C. The Office of Information Technology Services (OITS) is responsible for the following:
1. Operating, maintaining, and enhancing the Office of the Secretary's computer network consisting of interconnected local area networks with wide area network access to Departmental data centers, external organizations, Internet resources and commercial information services for the Office of the Secretary and organizations participating through interagency agreements.
2. Establishing and monitoring network policies and procedures, and developing plans and budgets for network support services.
3. Identifying, implementing, and maintaining standard office automation applications running on the Office of the Secretary network, such as electronic mail, scheduling, Internet/Intranet, and bulletin board services.
4. Working with other HHS Operating and Staff Divisions to implement electronic links between the Office of the Secretary computer network and other networks in conjunction with changing user needs and technological advancements.
5. Ensuring reliable, high-performance network services, including implementation of automated tools and procedures for network management, utilizing network performance measures to enhance network security, providing priority response services for network-related problems, and providing remote access to the network for field use and for telecommuting.
6. Implementing and operating electronic tools to enhance Secretarial communications with all HHS personnel.
7. Coordinating with the Program Support Center or other external providers, the delivery of voice, voice messaging, and video conferencing services for the Office of the Secretary, including system design and implementation, and cost sharing.
8. Coordinating the OS strategic planning and budgeting processes for information technology, providing direct planning support to assure that IRM plans support agency business planning and mission accomplishment.
9. Developing policies and guidance on information resources management within the Office of the Secretary for acquisition and use of information technology, development of architectural standards for interoperability, and coordination of implementation procedures.
10. Maintaining and operating the inventory of automated data processing equipment for the Office of the Secretary.
11. Operating and maintaining an information technology support service (Help Desk) for the Office of the Assistant Secretary for Management and Budget, the Immediate Office of the Secretary, and subscribing Staff Divisions, for managing standard hardware and software configurations, user applications, and network support.
12. Managing contracts for IRM-related equipment and support services.
13. Coordinating and supporting the Office of the Secretary Information Resources Management Policy and Planning Board, an advisory body whose membership consists of the Staff Division Chief Information Officers.
14. Representing the Department through participation on interagency and Departmental work groups and task forces.
D. The Office of Information Technology Development (OITD) is responsible for the following:
1. Leading Departmental efforts to expand availability of electronic means for conducting business among all components of the Department, all agencies of the Federal government, and all parties involved in accomplishing Departmental program objectives (including State Governments, contractors, grantees, other service providers, and the general public). This includes provision of existing documents in electronic format on the Internet in support of electronic dissemination to the public.
2. Supporting implementation of general purpose, standards-based, distributed computing environments consisting of data communications networks, database management systems, and information processing platforms, to promote market competition and reengineering of application systems for cost-effectiveness, scalability, and flexibility.
3. Providing access for all employees within the Office of the Secretary to services and related tools, for systems engineering, applications development, and systems maintenance, to exploit the distributed computing environment and to share resources and best practices.
4. Identifying key emerging, enabling technologies, especially Internet and database innovations, and coordinating, managing, or directing pilot projects in these areas to establish proof of concept, confirm return on investment, or implement initial production implementations in support of agency information technology business requirements.
5. Supporting effective use of available means to achieve electronic messaging, database access, file transfer, and transaction processing through Internet and commercial information services.
6. Supporting implementation of a general purpose, standards-based IT architecture, promoting and coordinating implementation of data standards for information integration across application systems, utilizing distributed computing environments consisting of data communications networks, database management systems, and information processing platforms.
7. Assisting managers of applications systems to increase the value and quality of their services and to control risks associated with systems integration, technological obsolescence, software development, and migration to standards-based technologies, especially for systems automating common administrative and management services.
8. Maintaining a collection of technical reference documents, including policies, standards, trade press, market research, and advisory service publications.
9. Representing the Department through participation on interagency and Departmental work groups and task forces.
10. Managing and supporting the HHS Internet Information Management Council, as the focal point for Internet information management and dissemination issues and Department policy to build HHS' expanding Internet presence.
E. The Office of Information Technology Security and Privacy is responsible for the following:
1. Implementing and administering the program to protect the information resources of the Department in compliance with legislation, Executive Orders, directives of the Office of Management and Budget (OMB), or other mandated requirements (e.g., Presidential Decision Directive 63, OMB Circular A-130), the National Security Agency, and other Federal agencies.
2. Developing cyber security policies and guidance (e.g., hardware, software, telecommunications) for the Department. Policy should also include employees and contractors who are responsible for systems or data, or for the acquisition, management, or use of information resources. In addition, maintaining the DHHS Automated Information Systems Security Program handbook as needed.
3. Monitoring OPDIV and StaffDiv information system security program activities by reviewing Operating Division and Staff Division security plans for sensitive systems, and evaluating safeguards to protect major information systems, or IT infrastructure.
4. Responding to requests in conjunction with OMB Circular A-130, the Computer Security Act of 1987, and Presidential Decision Directive 63, or other legislative or mandated requirements related to IT security or privacy.
5. Monitoring all Departmental systems development and operations for security and privacy compliance.
6. Recommending to the CIO to grant or deny programs the authority to operate information systems.
7. Establishing and leading inter-OPDIV teams to conduct reviews of OPDIV programs to protect HHS' cyber and personnel security programs. These teams will conduct vulnerability assessments of HHS' critical assets.
8. Coordinating activities with internal and external organizations reviewing the Department's information resources for fraud, waste, and abuse, and to avoid duplication of effort across these programs.
9. Developing, implementing, and evaluating an employee cyber security awareness and training program to meet the requirements as mandated by OMB Circular A-130, and the Computer Security Act.
10. Establishing and providing leadership to the subcommittee of the HHS CIO Council on Security.
11. Establishing and leading the HHS Computer Security Incident Response Capability team, the Department's overall cyber security incident response/coordination center and primary point of contact for Federal Computer Incident Response Capability (FedCIRC) and National Infrastructure Protection Center (NIPC).
Dated: August 15, 2000.
John J. Callahan,
Assistant Secretary for Management and Budget.
[FR Doc. 00-22569 Filed 9-1-00; 8:45 am]
BILLING CODE 4150-04-M